I am trying to configure the multi site of magento 2.1.3
Here is the configuration: Plesk Onyx 17.0.17 (CentOS Linux 7.3.1611 (Core)) Magento 2.1.3
I followed the tutorial:
Magento + base url etc ..
Ln -s /var/www/vhosts/domain.com/httpdocs /var/www/vhosts/store2.com/symlink
Chown -h store2: psacln /var/www/vhosts/store2.com/symlink
On plesk: open_basedir on store2.com: /var/www/vhosts/store2.com/symlink:/var/www/vhosts/domain.com/httpdocs:/tmp and directory symlink
But I get: AH00037: Symbolic link not allowed or link not accessible: /var/www/vhosts/store2.com/symlink
Lrwxrwxrwx 1 user psacln 40 Feb 7, 18:55 /var/www/vhosts/store2.com/symlink -> /var/www/vhosts/domain.com/httpdocs
user is the user of the store2
An idea ?
Thanks ALL
Don't allow user of one subscription access to another subscription (at least it's a security violation). Move everything into one subscription.
Related
I am setting up a VM with NGINX, uWSGI FLASK, and Ubuntu 22.04.
I know this question has been asked but I couldn't find a clear answer or a good solution.
I get a 502 - Bad Gateway error from NGINX when its user in nginx.conf is 'www-data' but not when I set it as root or my sudo user.
I created a project folder in my sudo-user home directory. Put the virtual environment inside. With the application files, etc. The website works with:
uwsgi --socket 0.0.0.0:5000 --protocol=http -w wsgi:app
But NGINX can't access my socket. No matter how I change my socket's permissions or ownership, I get a 502.
But if the user in nginx.conf is root or my sudo-user name, then it works. I tried changing modes and ownerships but nothing works.
Is it safe to use my sudo-user in nginx.conf?
Does anybody have an idea how to solve this and grant access to the socket to www-data user?
Current permissions for the files:
-rw-rw-r-- 1 anthony anthony 151 Aug 29 04:16 main.ini
-rw-rw-r-- 1 anthony anthony 340 Aug 28 13:35 main.py
srw-rw---- 1 anthony www-data 0 Aug 29 05:05 main.sock
drwxrwxr-x 4 anthony anthony 4096 Aug 28 06:27 venv
-rw-rw-r-- 1 anthony anthony 60 Aug 28 08:11 wsgi.py
Nginx sites-available file:
server {
listen 80;
server_name xyz.com www.xyz.com;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/anthony/website/main.sock;
}
}
Systemd service file:
[Unit]
Description=uWSGI instance to serve xyz
After=network.target
[Service]
User=anthony
Group=www-data
WorkingDirectory=/home/anthony/website
Environment="PATH=/home/anthony/website/venv/bin"
ExecStart=/home/anthony/website/venv/bin/uwsgi --ini main.ini
[Install]
WantedBy=multi-user.target
ini file for UWSGI:
[uwsgi]
module = wsgi:app
master = true
processes = 5
socket = /home/anthony/website/main.sock
chmod-socket = 660
vacuum = true
die-on-term = true
Beginning of NGINX's conf file (nothing helpful here I think):
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
Thank you for your help.
I found a solution that I find clean.
On the website for the mod_wsgi they say:
On some Linux distributions, the home directory of a user account is not accessible to other users. Rather than change the permissions on your home directory, it might be better to consider locating your WSGI application code and any Python virtual environment outside of your home directory.
So I deleted the whole project in my home directory, and instead created a virtual environment in /usr/local/venvs/. I gave permission sudo chmod 777 /usr/local/venvs in order to be able to create the virtualenv of my website into it (otherwise the write access is denied for the virtualenv command).
I created the application folder in /var/www/mywebsite to be consistent with NGINX's default configurations, and updated the links to python, uwsgi, the socket, set user www-data in nginx.conf, etc... And now it works.
Either I did something wrong when trying to give permission to my home directory earlier, or Ubuntu 22.04 just doesn't allow other users at all. I any case I find this solution much cleaner than giving access to my home directory or using my sudo-user for nginx.
Hope it can help someone in future.
Thanks
EDIT:
I found the reason why it didn't work in the home folder.
By default (at least on my Ubuntu 22.04 version), the users' home directory have a permission 750.
Setting it to 751 solves the Bad Gateway issue. I think the reason is that .ini file of uWSGI (mine is place in my application folder) that is called from the .service file in /etc/systemd/system/ folder:
[Unit]
Description=uWSGI instance to serve website
After=network.target
[Service]
User=anthony
Group=www-data
WorkingDirectory=/home/anthony/website
Environment="PATH=/usr/local/venvs/website-venv/bin"
ExecStart=/usr/local/venvs/website-venv/bin/uwsgi --ini main.ini
[Install]
WantedBy=multi-user.target
But I am no sure at all, I am a new user of Unix-like systems.
At least apparently many distribution have a permission 755 for user's home directory by default, so switching from 750 to 751 seems fine, security-wise, and makes accessing the app folder more convenient.
What I did
after I successful login the admin user, I visit again to /admin/login, it redirect to /,
even after login user access to /admin/login, it should be redirect to /admin, I do not want to access RouteServiceProvider::HOME, how to detect two different user session?
What I expected to happen
I expect to redirect to "home_link" location 'admin/dashboard'
What happened
It redirect to /
What I've already tried to fix it
I install Laravel/Breeze, I can set it from the RouteServiceProvider
public const HOME = '/';
But it want to separate from admin and normal user, How can I set the it path?
Backpack, Laravel, PHP, DB version
When I run php artisan backpack:version the output is:
PHP VERSION:
PHP 7.4.12 (cli) (built: Oct 29 2020 18:37:21) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.12, Copyright (c), by Zend Technologies
LARAVEL VERSION:
v8.12.3#6707480c5f0db7aa07537f9ad93255b64b65b85e
BACKPACK VERSION:
4.1.26#ae68ca24844929ac38d2e792197551e823c43570
As response from:
https://github.com/Laravel-Backpack/CRUD/issues/3353#issuecomment-734454506
under /app/Http/Middleware/RedirectIfAuthenticated.php
I added a check for a guard 'backpack', then redirect to admin dashboard.
foreach ($guards as $guard) {
if (Auth::guard($guard)->check()) {
if($guard == 'backpack')
return redirect('/admin/dashboard');
return redirect(RouteServiceProvider::HOME);
}
}
I have a CentOS7 server that will be deployed to a customer site. I want to get alerts via emails when something goes wrong on the server.
I have an office365 account so I am thinking whether I can use it as a SMTP relay server. (Forgive me here if my words don't make sense since I have very limited knowledge about SMTP and email related technology).
My first question is, do I need to do anything special with the office365 account? I am using smtp.office365.com:587 as the SMTP relay host.
Here is my postfix main.cf config:
relayhost = [smtp.office365.com]:587
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous
Here is my "generic" and "sasl_passwd" file look like. I also used the "postmap" to generate the .db file
/.*/ <o365 email>
root#server.difan.local <o365 email>
root#localdomain <o365 email>
#localdomain <o365 email>
[smtp.office365.com]:587 <o365 email>:<o365 password>
This is the command I used to test it
echo "This is the body of the email" | mail -s "This is the subject line" difan.zhao#outlook.com
Here is what I see in /var/log/maillog
Mar 26 10:46:00 server postfix/pickup[1921]: 5DC594087202: uid=0 from=<root>
Mar 26 10:46:00 server postfix/cleanup[2495]: 5DC594087202: message-id=<20170326164600.5DC594087202#server.difan.local>
Mar 26 10:46:00 server postfix/qmgr[1922]: 5DC594087202: from=<root#server.difan.local>, size=486, nrcpt=1 (queue active)
Mar 26 10:46:00 server postfix/smtp[2497]: warning: SASL authentication failure: No worthy mechs found
Mar 26 10:46:00 server postfix/smtp[2497]: 5DC594087202: SASL authentication failed; cannot authenticate to server smtp.office365.com[40.97.128.34]: no mechanism available
... <last two messages repeated 4 times>
Mar 26 10:46:02 server postfix/smtp[2497]: 5DC594087202: to=<difan.zhao#outlook.com>, relay=smtp.office365.com[40.97.142.194]:587, delay=2.2, delays=0.02/0/2.2/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.office365.com[40.97.142.194]: no mechanism available)
Where did I do wrong here? Thanks!
Firstly change your generic files to:
/.*/ email#domain.com
Secondly verify your generic and sasl permissions:
set the owner and permissions.
sudo postmap hash:/etc/postfix/generic
sudo chown root:root /etc/postfix/generic /etc/postfix/generic.db
sudo chmod 644 /etc/postfix/generic /etc/postfix/generic.db
Same to sasl_passwd and db file.
On new versions of Ubuntu/Debian you need install this package: libsasl2-modules
apt install libsasl2-modules
And then reload postfix
systemctl reload postfix
I had to install these... Not sure what they are but they worked!
yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
I was following this guide to setup an LDAP server on CentOS 6.6: http://www.learnitguide.net/2016/01/configure-openldap-server-on-rhel7.html. I know the guide is for RHEL, but I think the vast majority of steps should be the same. I went through the tutorial and everything seems to work right except for sshing into the server as an LDAP user. As root I am able to su to any LDAP user. getent passwd username returns appropriate results. But every time I try to ssh in as a user I get permission denied and these messages show up in /var/log/secure:
Aug 8 22:13:14 servername sshd[5900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rhostname user=username
Aug 8 22:13:14 servername sshd[5900]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=rhostname user=username
Aug 8 22:13:14 servername sshd[5900]: pam_sss(sshd:auth): received for user username: 6 (Permission denied)
Aug 8 22:13:17 servername sshd[5900]: Failed password for username from rhostIPaddress port 34758 ssh2
I was hoping maybe someone may know of a step that guide left out that would cause this behavior. Thanks.
Turns out the self signed certificate I was using needed to have the IP address as the common name as opposed to the FQDN, not sure why that is but it's working now.
Information that can help others.
In my case this message was a time difference problem between the FreeIPA server and the clients. The command systemctl status sssd -l presented the message (skew clock too great).
This message from the Kerberos authentication server appears if the difference hour in servers is too large (more than three or four minutes).
OS: Ubuntu Server
I am trying to use an auto reply program for one of the users.
It works fine when I have user email address defined in .forward file but it gives following error when I put it in script:
Jun 28 12:25:38 localhost sendmail[5210]: s5SJPFkN005208: to="|/home/alpha/autoreply.pl", ctladdr=alpha#localhost (501/501), delay=00:00:10, xdelay=00:00:00, mailer=prog, pri=60446, dsn=5.0.0, stat=Service unavailable
Jun 28 12:25:38 localhost sendmail[5210]: s5SJPFkN005208: s5SJPckN005210: DSN: Service unavailable
Do I have have make any changes in sendmail configs (i.e. symbolic link etc)?
Thanks.
1.Have you checked problems mentioned in sendmail FAQ?
Sendmail-FAQ-3.11: Why can't my users forward their mail to a program?
2. On most linuxes sendmail uses procmail as local mailer program.
You may try to execute your script from ~/.procmailrc of the user.
The issue was /etc/smrsh did not have symbolic link for perl which can be defined as
ln -s /usr/bin/perl /etc/smrsh/perl